HELP me analyze this Hi-Jack log PLEASE!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by spliffsta, Jan 16, 2005.

  1. spliffsta

    spliffsta Private E-2

    Hey, this is my first post.. but I'm no stranger to these POS spyware crap... I've had to format my computer twice in the last 4 months to get rid of the spyware because none of the ad-aware or spyware programs worked!!

    I'm tired of being passive and just getting raped by these... will someone please help me out.. I ran almost every program too (spybot, ad-aware, spyware blaster, microsoft's AntiSpyware... ) none worked!! anyway.. from spybot, it found CoolWWWSearch and Common Hijacker... and that's what I have.. a hijacker and it's annoying as hell... below is my hi-jack this log file...

    thanks!

    --==--==---===--==- HI JACK THIS LOG FILE --===--==---==---===

    Edit by chaslang: unrequested inline log deleted
     
    Last edited by a moderator: Jan 16, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HJT is not the first step and we have guidelines about how and when to post them. Please read our sticky threads. A big part of your problems is the result of not having an antispyware application installed and running.

    Note these are trojans:
    O4 - HKCU\..\Run: [CTFMONSS] C:\WINDOWS\System32\CTFMONSS.EXE
    O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Since your problems seem to repeat, I would suggest you need to look at this too:
    How to Protect yourself from malware!
     
  3. spliffsta

    spliffsta Private E-2

    Ok, I ran an antivirus program, called eScan AntiVirus, and it found 35 viruses, which it deleted, however, it also found spyware that spybot, adaware and other spyware programs didn't. The problem is, I do not know how to delete them and eScan didn't delete/won't delete them either. This is what the log said of eScan:

    File C:\System Volume Information\_restore{1387EEC3-83CF-446D-8DFB-2865EBBC5C66}\RP110\A0008681.EXE tagged as not-a-virus:AdWare.WebRebates.b. No Action Taken.

    File C:\System Volume Information\_restore{1387EEC3-83CF-446D-8DFB-2865EBBC5C66}\RP110\A0007256.EXE tagged as not-a-virus:AdWare.WebRebates.b. No Action Taken.

    File C:\System Volume Information\_restore{1387EEC3-83CF-446D-8DFB-2865EBBC5C66}\RP110\A0007257.EXE tagged as not-a-virus:AdWare.HelpExpress. No Action Taken.


    Also when I ran Spybot, it found a DSO exploit and it found CoolWebSearch.. both of which it could not delete, however, I ran a couple of programs, including the latest CWShredder and none of them detected any traces of it??
     
  4. spliffsta

    spliffsta Private E-2

    Actually... my system seems a lot better now.. but my homepage won't stay the same... even if I go into the internet explorer options and set my homepage as "www.google.com" it won't the next time I load up the browser.. it keeps going to this:

    res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm

    and I can't delete the .dll file either because it says it's being used!
     
  5. spliffsta

    spliffsta Private E-2

    [edit:]

    damnit!! now I'm getting this when I try to enter a url in IE:

    res://wtlbass32.dll/HTTP_Blocked.htm

    and the page says:
    -------------------------
    Access Blocked - Virus Warning!
    You cannot access this site due to following reason:
    Your computer was infected by Spyware or Adware Software.
    This is dangerous software which disclose your personal
    and transferred data and/or display unsolices advertising.
    You can use this ADWARE/SPYWARE REMOVAL tools in
    order to solve this problem and prevent futurer infection.


    You can click Search to look for information on the Internet.




    HTTP Error - Access Blocked
    --------------------------------

    but I just cleaned all the viruses off of my computer?? what's going on?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you would just follow the directions given, you would not have had those problems. The first step in the READ ME tells you to disable System Restore. That's where eScan is showing you problems. Please run the READ ME FIRST and if still having a problem afterwards follow the directions I gave for posting a HijackThis log.
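
Added example (not part of the original thread and not any poster's or vendor's code): a Python triage of scanner log lines in the format quoted earlier in the thread, separating detections that sit inside System Restore snapshots (`System Volume Information\_restore{...}\RPnnn`) from detections in live paths. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format as quoted in the thread:
#   File <path> tagged as <detection>. <action>.
LINE_RE = re.compile(
    r"^File (?P<path>.+?) tagged as (?P<name>.+?)\. (?P<action>[^.]+)\.$")
# System Restore snapshot path: ...\_restore{GUID}\RP<number>\<file>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE)

# First three lines are copied from the thread; the last one is constructed.
SAMPLE = [
    r"File C:\System Volume Information\_restore{1387EEC3-83CF-446D-8DFB-2865EBBC5C66}\RP110\A0008681.EXE tagged as not-a-virus:AdWare.WebRebates.b. No Action Taken.",
    r"File C:\System Volume Information\_restore{1387EEC3-83CF-446D-8DFB-2865EBBC5C66}\RP110\A0007256.EXE tagged as not-a-virus:AdWare.WebRebates.b. No Action Taken.",
    r"File C:\System Volume Information\_restore{1387EEC3-83CF-446D-8DFB-2865EBBC5C66}\RP110\A0007257.EXE tagged as not-a-virus:AdWare.HelpExpress. No Action Taken.",
    r"File C:\WINDOWS\Temp\constructed-sample.exe tagged as not-a-virus:AdWare.Example. No Action Taken.",
]

def parse_line(line):
    """Return a dict for one detection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    r = RESTORE_RE.search(rec["path"])
    # restore_point is the RP number for snapshot copies, None for live files
    rec["restore_point"] = int(r.group("rp")) if r else None
    return rec

def triage(lines):
    """Group snapshot detections by restore point; list live-path ones apart."""
    in_restore, live = defaultdict(list), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a detection line
        if rec["restore_point"] is None:
            live.append(rec)
        else:
            in_restore[rec["restore_point"]].append(rec)
    return dict(in_restore), live

if __name__ == "__main__":
    snapshots, live = triage(SAMPLE)
    for rp, recs in sorted(snapshots.items()):
        print(f"RP{rp}: {len(recs)} detection(s) inside a System Restore snapshot")
    for rec in live:
        print(f"LIVE: {rec['path']} -> {rec['name']}")
```
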
     
  7. spliffsta

    spliffsta Private E-2

    Hey, is RadClock.exe a malicious file?

    it comes up on HiJack This as:

    O23 - Service: RadClock - Unknown - C:\WINDOWS\system32\RadClock.exe
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I believe it is part of this: http://www28.brinkster.com/chrisww1942/
     
